- Adoption
- Forgery

  The Fortis Threat Intelligence Team has been monitoring emerging reports of active exploitation of two new Microsoft Exchange zero-day vulnerabilities. A write-up of the in-the-wild exploitation was first published by the Vietnamese cybersecurity company GTSC. The vulnerabilities had been reported to the Zero Day Initiative (ZDI) and assigned ZDI-CAN-18333 and ZDI-CAN-18802. Microsoft released a public statement on 9/30/22 confirming the reports and describing the attack as an exploit chain that combines an authenticated server-side request forgery (SSRF) vulnerability with a remote code execution (RCE) vulnerability, assigned CVE-2022-41040 and CVE-2022-41082 respectively. The Fortis team has been actively threat hunting since 9/29/22 and has added the associated indicators of compromise to block lists in its MSSP tenant spaces.
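  The following is an added example, not part of the original Fortis notice, showing the kind of check a hunt for this exploit chain can start from: the request pattern Microsoft published in its customer guidance for CVE-2022-41040 / CVE-2022-41082 (`powershell.*autodiscover\.json.*\@.*200`) run over Exchange IIS logs. The log lines below are constructed for illustration; the function `hunt_iis_logs`, the path and the host names are assumptions made here and are not from the original page or from Microsoft's tooling.

```python
import re
from typing import Iterable, List

# Pattern from Microsoft's September 2022 guidance for Exchange IIS logs
# (used there with PowerShell's Select-String, which is case-insensitive):
# a request whose path reaches the PowerShell backend through
# autodiscover.json with an '@' in it, and that was answered with HTTP 200.
PROXYNOTSHELL_RE = re.compile(r"powershell.*autodiscover\.json.*\@.*200", re.IGNORECASE)

# Constructed W3C-format IIS log excerpt (assumed fields; not real traffic).
# Line 1: exploitation attempt that succeeded (sc-status 200).
# Line 2: ordinary OWA request.
# Line 3: same attempt rejected with 401 (CVE-2022-41040 needs valid credentials).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-09-30 02:14:07 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell&Email=autodiscover/autodiscover.json%3f@evil.example 443 CORP\\jdoe 203.0.113.7 Mozilla/5.0 - 200 0 0 31
2022-09-30 02:14:09 10.0.0.5 GET /owa/ - 443 - 198.51.100.4 Mozilla/5.0 - 200 0 0 12
2022-09-30 02:15:11 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell&Email=autodiscover/autodiscover.json%3f@evil.example 443 - 203.0.113.7 Mozilla/5.0 - 401 0 0 5
"""


def hunt_iis_logs(lines: Iterable[str]) -> List[str]:
    """Return the log lines that match the published exploitation pattern.

    Lines beginning with '#' are W3C directives (software, fields, dates), not
    requests, so they are skipped. Everything else is matched as raw text,
    exactly as the Select-String one-liner in Microsoft's guidance does.
    """
    hits = []
    for line in lines:
        if line.startswith("#") or not line.strip():
            continue
        if PROXYNOTSHELL_RE.search(line):
            hits.append(line.rstrip("\n"))
    return hits


def hunt_iis_log_file(path: str) -> List[str]:
    """Same check over an on-disk log file (assumed path supplied by the caller)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return hunt_iis_logs(fh)


if __name__ == "__main__":
    # Run against the constructed sample; on a real server point
    # hunt_iis_log_file at each file under %SystemDrive%\inetpub\logs\LogFiles.
    for hit in hunt_iis_logs(SAMPLE_LOG.splitlines()):
        print("SUSPICIOUS:", hit)
```

  Note that the published regular expression is deliberately loose: the trailing `200` is matched anywhere after the `@`, so on a busy server the hits still need a look at the `sc-status` field and the `c-ip` / `cs-username` columns before being treated as confirmed compromise. A 401 for the same request shape, as in the third sample line, is still worth noting because it shows an attacker probing with the right URL but without (yet) valid credentials.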
- Extortion

  After incidents categorized as "big game hunting" drew heavy government scrutiny and major penalties, ransomware groups have shifted tactics somewhat, targeting smaller victims in an effort to stay out of high-profile federal investigations. The threat actors have also adopted double and triple extortion: in addition to encrypting the victim's network, they threaten to publish stolen data online, disrupt network availability, and/or disclose the incident to key stakeholders. These tactics are used to increase the chances that the victim will pay the ransom.
- Intellectual Property